Cyber-attacks over the next five years will cost U.S. health systems $305 billion in cumulative lifetime revenue, according to a report from Accenture.
The consulting company estimates that one in 13 patients—roughly 25 million people—will have personal information, such as social security or financial records, stolen from technology systems over the next five years.
"To ensure that providers do not suffer revenue loss due to security breaches, they must prioritize active defense strategies," Brian Kalis, managing director of digital health for Accenture, told eWEEK. "Accenture predicts these can thwart cyber-attacks by 53 percent over a two-year period. This requires risk-based approaches to cyber-security management, using analytics to identify significant events and threats, while enabling much faster responses to breaches."
Kalis noted consumers have significant responsibility when it comes to protecting their own data, explaining it’s important that consumers support and reward medical providers who practice good security and encourage conversations about privacy and data security.
"At a practical level, a consumer can communicate with their medical provider to request paper forms be shredded, confirm authenticity of emails and mailings requesting personal and medical data, use good, unique passwords and two-factor authentication wherever available, keep personal devices safe and up to date with antivirus, firewalls and other personal technologies especially when those are used to access medical records and communications," he said. "In addition, consumers should monitor their healthcare records and insurances claims for inaccuracies, which could be possible signs their medical identity has been compromised."
One in six (16 percent) of the affected patients, or 4 million people, will be victimized and pay out-of-pocket costs totaling almost $56 billion over the same time period.
Addressing cyber-security proactively can improve a provider’s ability to thwart attacks by an average of 53 percent, Accenture research shows.
"To successfully implement effective strategies to protect against today’s threats, organizations need to assess their current level of protection, along with the resources required to support meaningful transformations into more secure entities," Kalis said.
He explained one of the most important steps will be establishing an end-to-end enterprise security program, integrating it with existing enterprise architecture processes while embracing the cloud and other emerging technologies, boosting IT agility with the ability to reach customers faster.
"Equally as important will be ensuring that the organization can adapt to handle new threats by developing deep understanding of its adversaries' goals and techniques," he said.
Accenture used historical security breach data from the U.S. Department of Health and Human Services Office for Civil Rights to project the number of patients likely to be affected by healthcare provider data breaches from 2015 through 2019.
Based on medical identity theft information by the Ponemon Institute, Accenture calculated the number of affected patients who would become victims of medical identity theft and quantified the patient revenue that would be put at risk.